httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Proper config for suexec and maintain chroot'ed FTP?
Date Wed, 09 Nov 2005 18:31:48 GMT
On 11/9/05, John Goggan <jgoggan@dcg.com> wrote:

> However, suexec still checks that the file is owned by the user trying to run
> it, correct?  Therefore, is doing a document root of /home (or even / and
> ignoring the doc root check for that matter) that insecure/dangerous if it
> only allows people to run things that they already own?

If the only thing under /home are files normally seen from the web,
then it isn't a big deal.  But if there are other executables under
there, then you open up a signficant danger if anyone ever compromises
the userid under which you run apache.  It doesn't instantly make your
system vulnerable -- it just removes one layer of protection.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message